
    32 vulnerabilities found for App Connect Enterprise by IBM

    CVE-2026-3602 (GCVE-0-2026-3602)

    Vulnerability from nvd – Published: 2026-06-30 19:19 – Updated: 2026-06-30 19:31
    VLAI
    Title
    IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection
    Summary
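    IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of. (Note: this record's CWE is CWE-73, External Control of File Name or Path, and its CVSS vector uses a local attack vector with user interaction required (AV:L, UI:R); both match the file-creation impact described here rather than the "SQL injection" and "remote" wording.)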
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278350 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 13.0.1.0 , ≤ 13.0.7.2 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.12.26 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.26:*:*:*:*:*:*:*
    IBM Integration Bus for z/OS Affected: 10.1.0.0 , ≤ 10.1.0.7 (semver)
        cpe:2.3:a:ibm:integration_bus_for_zos:10.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:integration_bus_for_zos:10.1.0.7:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3602",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T19:30:51.792018Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T19:31:02.140Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.26:*:*:*:*:*:*:*"
              ],
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "13.0.7.2",
                  "status": "affected",
                  "version": "13.0.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.12.26",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:integration_bus_for_zos:10.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:integration_bus_for_zos:10.1.0.7:*:*:*:*:*:*:*"
              ],
              "product": "Integration Bus for z/OS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.0.7",
                  "status": "affected",
                  "version": "10.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.\u003c/p\u003e"
                }
              ],
              "value": "IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:19:47.135Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278350"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise and IBM Integration Bus for z/OS \u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation / Fixes\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM App Connect Enterprise\u003c/td\u003e\u003ctd\u003e13.0.1.0 - 13.0.7.2\u003c/td\u003e\u003ctd\u003ePH71150\u003c/td\u003e\u003ctd\u003e\u003cp\u003eThe APAR (PH71150) is available from\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/pages/download-ibm-app-connect-enterprise-13080\" rel=\"noopener noreferrer nofollow\"\u003eIBM App Connect Enterprise v13- Fix Pack Release 13.0.8.0\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM App Connect Enterprise\u003c/td\u003e\u003ctd\u003e12.0.1.0 -\u00a012.0.12.26\u00a0\u003c/td\u003e\u003ctd\u003ePH71150\u003c/td\u003e\u003ctd\u003e\u003cp\u003eThe APAR (PH71150) is available from\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/pages/download-ibm-app-connect-enterprise-1201227-fix-pack\" rel=\"noopener noreferrer nofollow\"\u003eIBM App Connect Enterprise v12- Fix Pack Release 12.0.12.27\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Integration Bus for z/OS\u003c/td\u003e\u003ctd\u003e10.1.0.0 - 10.1.0.7\u003c/td\u003e\u003ctd\u003ePH71150\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInterim Fix for APAR (PH71150) is available to apply to 10.1.0.7 from\u00a0\u003c/p\u003e\u003cp\u003e\u003ca 
href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere\u0026amp;product=ibm/WebSphere/Integration+Bus\u0026amp;release=10.1.0.7\u0026amp;platform=All\u0026amp;function=aparId\u0026amp;apars=PH71150\" rel=\"nofollow\"\u003eIBM Fix Central\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise and IBM Integration Bus for z/OS Affected Product(s)Version(s)APARRemediation / FixesIBM App Connect Enterprise13.0.1.0 - 13.0.7.2PH71150The APAR (PH71150) is available fromIBM App Connect Enterprise v13- Fix Pack Release 13.0.8.0IBM App Connect Enterprise12.0.1.0 -\u00a012.0.12.26\u00a0PH71150The APAR (PH71150) is available fromIBM App Connect Enterprise v12- Fix Pack Release 12.0.12.27IBM Integration Bus for z/OS10.1.0.0 - 10.1.0.7PH71150Interim Fix for APAR (PH71150) is available to apply to 10.1.0.7 from\u00a0IBM Fix Central"
            }
          ],
          "title": "IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-3602",
        "datePublished": "2026-06-30T19:19:47.135Z",
        "dateReserved": "2026-03-05T14:48:57.881Z",
        "dateUpdated": "2026-06-30T19:31:02.140Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5515 (GCVE-0-2026-5515)

    Vulnerability from nvd – Published: 2026-05-27 12:58 – Updated: 2026-06-02 16:12
    VLAI
    Title
    IBM App Connect Enterprise is vulnerable to a confidential disclosure
    Summary
    IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7272270 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 13.0.1.0 , ≤ 13.0.7.0 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.7.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5515",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T15:29:42.607871Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-532",
                    "description": "CWE-532 Insertion of Sensitive Information into Log File",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T16:12:13.028Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.7.0:*:*:*:*:*:*:*"
              ],
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "13.0.7.0",
                  "status": "affected",
                  "version": "13.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.\u003c/p\u003e"
                }
              ],
              "value": "IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T12:58:13.004Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7272270"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise \u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation / Fixes\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM App Connect Enterprise\u003c/td\u003e\u003ctd\u003e13.0.1.0 - 13.0.7.0\u003c/td\u003e\u003ctd\u003eIT49227\u003c/td\u003e\u003ctd\u003e\u003cp\u003eThe APAR (IT49227) is available from\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/pages/download-ibm-app-connect-enterprise-13071\" rel=\"noopener noreferrer nofollow\"\u003eIBM App Connect Enterprise v13- Fix Pack Release 13.0.7.1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise \n\nAffected Product(s)Version(s)APARRemediation / FixesIBM App Connect Enterprise13.0.1.0 - 13.0.7.0IT49227\n\nThe APAR (IT49227) is available from\n\n\n\n IBM App Connect Enterprise v13- Fix Pack Release 13.0.7.1 https://www.ibm.com/support/pages/download-ibm-app-connect-enterprise-13071"
            }
          ],
          "title": "IBM App Connect Enterprise is vulnerable to a confidential disclosure",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-5515",
        "datePublished": "2026-05-27T12:58:13.004Z",
        "dateReserved": "2026-04-03T21:46:07.141Z",
        "dateUpdated": "2026-06-02T16:12:13.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36361 (GCVE-0-2025-36361)

    Vulnerability from nvd – Published: 2025-10-24 09:35 – Updated: 2025-10-25 02:03
    VLAI
    Title
    IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA
    Summary
    IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7249061 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 13.0.1.0 , ≤ 13.0.4.2 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.12.17 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.17:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36361",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-24T13:19:00.627097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-24T13:19:22.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.17:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "13.0.4.2",
                  "status": "affected",
                  "version": "13.0.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.12.17",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.\u003c/p\u003e"
                }
              ],
              "value": "IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-25T02:03:18.631Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7249061"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Affected Product(s) Versions(s) APAR Remediation / Fixes IBM App Connect Enterprise 13.0.1.0 - 13.0.4.2 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v13- Fix Pack Release 13.0.5.0 IBM App Connect Enterprise 12.0.1.0 - 12.0.12.17 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.18\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Affected Product(s) Versions(s) APAR Remediation / Fixes IBM App Connect Enterprise 13.0.1.0 - 13.0.4.2 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v13- Fix Pack Release 13.0.5.0 IBM App Connect Enterprise 12.0.1.0 - 12.0.12.17 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.18"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36361",
        "datePublished": "2025-10-24T09:35:20.590Z",
        "dateReserved": "2025-04-15T21:16:55.331Z",
        "dateUpdated": "2025-10-25T02:03:18.631Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49338 (GCVE-0-2024-49338)

    Vulnerability from nvd – Published: 2025-01-18 15:00 – Updated: 2025-01-21 20:59
    VLAI
    Title
    IBM App Connect Enterprise information disclosure
    Summary
    IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0 and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1323 - Improper Management of Sensitive Trace Data
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 12.0.1.0 , ≤ 12.0.7.0 (semver)
    Affected: 13.0.1.0
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.7.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49338",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T20:59:34.777237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T20:59:39.138Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.7.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "13.0.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.\u003c/span\u003e"
                }
              ],
              "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1323",
                  "description": "CWE-1323 Improper Management of Sensitive Trace Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-18T15:00:16.148Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7175396"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-49338",
        "datePublished": "2025-01-18T15:00:16.148Z",
        "dateReserved": "2024-10-14T12:05:13.491Z",
        "dateUpdated": "2025-01-21T20:59:39.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31895 (GCVE-0-2024-31895)

    Vulnerability from nvd – Published: 2024-05-22 19:16 – Updated: 2024-08-02 01:59
    VLAI
    Title
    IBM App Connect Enterprise information disclosure
    Summary
    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-324 - Use of a Key Past its Expiration Date
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 12.0.1.0 , ≤ 12.0.12.1 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T20:08:44.469157Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T20:08:52.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:59:50.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7154606"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.12.1",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token.  IBM X-Force ID:  288176."
                }
              ],
              "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token.  IBM X-Force ID:  288176."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-324",
                  "description": "CWE-324 Use of a Key Past its Expiration Date",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-22T19:16:30.321Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7154606"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288176"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-31895",
        "datePublished": "2024-05-22T19:16:30.321Z",
        "dateReserved": "2024-04-07T12:44:57.196Z",
        "dateUpdated": "2024-08-02T01:59:50.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31894 (GCVE-0-2024-31894)

    Vulnerability from nvd – Published: 2024-05-22 19:17 – Updated: 2024-08-02 01:59
    Title
    IBM App Connect Enterprise information disclosure
    Summary
    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-324 - Use of a Key Past its Expiration Date
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 12.0.1.0 , ≤ 12.0.12.1 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31894",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T20:07:10.305598Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T20:07:17.638Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:59:50.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7154606"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288175"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.12.1",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token.  IBM X-Force ID:  288175."
                }
              ],
              "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token.  IBM X-Force ID:  288175."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-324",
                  "description": "CWE-324 Use of a Key Past its Expiration Date",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-22T19:17:51.702Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7154606"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288175"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-31894",
        "datePublished": "2024-05-22T19:17:51.702Z",
        "dateReserved": "2024-04-07T12:44:57.195Z",
        "dateUpdated": "2024-08-02T01:59:50.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31904 (GCVE-0-2024-31904)

    Vulnerability from nvd – Published: 2024-05-22 18:34 – Updated: 2024-08-02 01:59
    Title
    IBM App Connect Enterprise denial of service
    Summary
    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-248 - Uncaught Exception
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.1 , ≤ 11.0.0.25 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.12.0 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.25:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31904",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-23T15:48:27.874415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:36:06.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:59:50.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7154607"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289647"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.25:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.0.25",
                  "status": "affected",
                  "version": "11.0.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.12.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception.  IBM X-Force ID:  289647."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception.  IBM X-Force ID:  289647."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248 Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-22T18:34:39.881Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7154607"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289647"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-31904",
        "datePublished": "2024-05-22T18:34:39.881Z",
        "dateReserved": "2024-04-07T12:45:07.197Z",
        "dateUpdated": "2024-08-02T01:59:50.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31893 (GCVE-0-2024-31893)

    Vulnerability from nvd – Published: 2024-05-22 19:04 – Updated: 2024-08-02 01:59
    Title
    IBM App Connect Enterprise information disclosure
    Summary
    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-324 - Use of a Key Past its Expiration Date
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 12.0.1.0 , ≤ 12.0.12.1 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31893",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-23T16:18:07.085045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:36:39.524Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:59:49.929Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7154606"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288174"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.12.1",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token.  IBM X-Force ID:  288174."
                }
              ],
              "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token.  IBM X-Force ID:  288174."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-324",
                  "description": "CWE-324 Use of a Key Past its Expiration Date",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-22T19:04:53.056Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7154606"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288174"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-31893",
        "datePublished": "2024-05-22T19:04:53.056Z",
        "dateReserved": "2024-04-07T12:44:57.195Z",
        "dateUpdated": "2024-08-02T01:59:49.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28761 (GCVE-0-2024-28761)

    Vulnerability from nvd – Published: 2024-05-11 12:57 – Updated: 2025-03-13 17:33
    Title
    IBM App Connect Enterprise HTML injection
    Summary
    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.1 , ≤ 11.0.0.25 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.12.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28761",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T21:15:49.473437Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T17:33:41.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:56:58.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7150847"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285245"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.0.25",
                  "status": "affected",
                  "version": "11.0.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.12.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.  IBM X-Force ID:  285245."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.  IBM X-Force ID:  285245."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-11T12:57:59.134Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7150847"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285245"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise HTML injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-28761",
        "datePublished": "2024-05-11T12:57:59.134Z",
        "dateReserved": "2024-03-10T12:22:43.137Z",
        "dateUpdated": "2025-03-13T17:33:41.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28760 (GCVE-0-2024-28760)

    Vulnerability from nvd – Published: 2024-05-11 13:00 – Updated: 2024-08-02 00:56
    VLAI
    Title
    IBM App Connect Enterprise denial of service
    Summary
    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.1 , ≤ 11.0.0.25 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.12.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28760",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-13T15:27:52.815838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:03:38.042Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:56:58.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7150845"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285244"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.0.25",
                  "status": "affected",
                  "version": "11.0.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.12.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation.  IBM X-Force ID:  285244."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation.  IBM X-Force ID:  285244."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-11T13:00:12.261Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7150845"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285244"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-28760",
        "datePublished": "2024-05-11T13:00:12.261Z",
        "dateReserved": "2024-03-10T12:22:43.137Z",
        "dateUpdated": "2024-08-02T00:56:58.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22356 (GCVE-0-2024-22356)

    Vulnerability from nvd – Published: 2024-03-26 14:12 – Updated: 2024-08-05 16:34
    VLAI
    Title
    IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure
    Summary
    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-117 - Improper Output Neutralization for Logs
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.1 , ≤ 11.0.0.23 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.9.0 (semver)
    IBM Integration Bus Affected: 10.1 , ≤ 10.1.0.2 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.680Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7145144"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280893"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T16:34:25.516722Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:34:40.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.0.23",
                  "status": "affected",
                  "version": "11.0.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.9.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Integration Bus",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.0.2",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user.  IBM X-Force ID:  280893."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user.  IBM X-Force ID:  280893."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "CWE-117 Improper Output Neutralization for Logs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-26T14:12:18.122Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7145144"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280893"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-22356",
        "datePublished": "2024-03-26T14:12:18.122Z",
        "dateReserved": "2024-01-08T23:42:36.757Z",
        "dateUpdated": "2024-08-05T16:34:40.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22317 (GCVE-0-2024-22317)

    Vulnerability from nvd – Published: 2024-01-18 13:16 – Updated: 2025-06-02 15:04
    VLAI
    Title
    IBM App Connect Enterprise denial of service
    Summary
    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.1 , ≤ 11.0.0.24 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.11.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7108661"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279143"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:42:52.445911Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-02T15:04:02.999Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.0.24",
                  "status": "affected",
                  "version": "11.0.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.11.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts.  IBM X-Force ID:  279143."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts.  IBM X-Force ID:  279143."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-18T13:16:34.298Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7108661"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279143"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-22317",
        "datePublished": "2024-01-18T13:16:34.298Z",
        "dateReserved": "2024-01-08T23:41:52.508Z",
        "dateUpdated": "2025-06-02T15:04:02.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45176 (GCVE-0-2023-45176)

    Vulnerability from nvd – Published: 2023-10-14 15:35 – Updated: 2024-09-16 18:34
    VLAI
    Title
    IBM App Connect Enterprise and IBM Integration Bus denial of service
    Summary
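    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998. (Note: the X-Force reference URL in the record below ends in 267998, so one of the two IDs is likely a typo; confirm against the vendor advisory.)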
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.1 , ≤ 11.0.0.23 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.10.0 (semver)
    IBM Integration Bus Affected: 10.1 , ≤ 10.1.0.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.866Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7051448"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267998"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T18:11:48.543494Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T18:34:37.866Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.0.23",
                  "status": "affected",
                  "version": "11.0.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.10.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Integration Bus",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.0.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows.  IBM X-Force ID:  247998."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows.  IBM X-Force ID:  247998."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-14T15:35:21.138Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7051448"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267998"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise and IBM Integration Bus denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-45176",
        "datePublished": "2023-10-14T15:35:21.138Z",
        "dateReserved": "2023-10-05T01:38:58.206Z",
        "dateUpdated": "2024-09-16T18:34:37.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40682 (GCVE-0-2023-40682)

    Vulnerability from nvd – Published: 2023-10-13 15:41 – Updated: 2024-09-16 20:35
    VLAI
    Title
    IBM App Connect Enterprise information disclosure
    Summary
    IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 12.0.1.0 , ≤ 12.0.8.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:38:51.284Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7051204"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263833"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40682",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T20:35:13.215066Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T20:35:22.475Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.8.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs.  IBM X-Force ID:  263833."
                }
              ],
              "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs.  IBM X-Force ID:  263833."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-13T15:41:07.361Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7051204"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263833"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-40682",
        "datePublished": "2023-10-13T15:41:07.361Z",
        "dateReserved": "2023-08-18T15:48:06.501Z",
        "dateUpdated": "2024-09-16T20:35:22.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42444 (GCVE-0-2022-42444)

    Vulnerability from nvd – Published: 2023-02-06 20:38 – Updated: 2025-03-25 15:54
    Title
    IBM App Connect Enterprise denial of service
    Summary
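    IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538. [Note: the record's version ranges use an exclusive upper bound (< 11.0.0.19, < 12.0.5.0), while this summary says "through"; confirm against the vendor advisory whether 11.0.0.19 and 12.0.5.0 themselves are affected.]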
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • 121 Stack-based Buffer Overflow
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.8 , < 11.0.0.19 (semver)
    Affected: 12.0.1.0 , < 12.0.5.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:10:40.814Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6890609"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238538"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T15:54:13.158311Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "CWE-121 Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T15:54:27.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThan": "11.0.0.19",
                  "status": "affected",
                  "version": "11.0.0.8",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.0.5.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash.  IBM X-Force ID:  238538."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash.  IBM X-Force ID:  238538."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "121 Stack-based Buffer Overflow",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-12T01:45:42.615Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6890609"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238538"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-42444",
        "datePublished": "2023-02-06T20:38:25.295Z",
        "dateReserved": "2022-10-06T15:51:26.501Z",
        "dateUpdated": "2025-03-25T15:54:27.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42439 (GCVE-0-2022-42439)

    Vulnerability from nvd – Published: 2023-02-06 20:25 – Updated: 2025-03-25 17:35
    Title
    IBM App Connect Enterprise information disclosure
    Summary
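    IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. [Note: the record's version ranges use an exclusive upper bound (< 11.0.0.19, < 12.0.5.0), while this summary names 11.0.0.19 and 12.0.5.0 as affected; confirm the upper bounds against the vendor advisory.]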
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.17 , < 11.0.0.19 (semver)
    Affected: 12.0.4.0 , < 12.0.5.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:10:40.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6952435"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42439",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-25T17:35:05.619739Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T17:35:13.105Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThan": "11.0.0.19",
                  "status": "affected",
                  "version": "11.0.0.17",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.0.5.0",
                  "status": "affected",
                  "version": "12.0.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system\u2019s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.\u003c/span\u003e\n\n"
                }
              ],
              "value": "\nIBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system\u2019s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-17T16:10:51.689Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/6952435"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238211"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2022-42439",
        "datePublished": "2023-02-06T20:25:26.204Z",
        "dateReserved": "2022-10-06T15:51:26.500Z",
        "dateUpdated": "2025-03-25T17:35:13.105Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-3602 (GCVE-0-2026-3602)

    Vulnerability from cvelistv5 – Published: 2026-06-30 19:19 – Updated: 2026-06-30 19:31
    Title
    IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection
    Summary
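    IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of. [Note: the record classifies this as CWE-73 (External Control of File Name or Path) and scores it with a local attack vector and required user interaction (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N); both fit the file-creation impact described here rather than the "SQL injection" and "remote" wording.]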
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7278350 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 13.0.1.0 , ≤ 13.0.7.2 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.12.26 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.7.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.26:*:*:*:*:*:*:*
    IBM Integration Bus for z/OS Affected: 10.1.0.0 , ≤ 10.1.0.7 (semver)
        cpe:2.3:a:ibm:integration_bus_for_zos:10.1.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:integration_bus_for_zos:10.1.0.7:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3602",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T19:30:51.792018Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T19:31:02.140Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.7.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.26:*:*:*:*:*:*:*"
              ],
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "13.0.7.2",
                  "status": "affected",
                  "version": "13.0.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.12.26",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:integration_bus_for_zos:10.1.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:integration_bus_for_zos:10.1.0.7:*:*:*:*:*:*:*"
              ],
              "product": "Integration Bus for z/OS",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.0.7",
                  "status": "affected",
                  "version": "10.1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.\u003c/p\u003e"
                }
              ],
              "value": "IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T19:19:47.135Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7278350"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise and IBM Integration Bus for z/OS \u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ccolgroup\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003ccol/\u003e\u003c/colgroup\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation / Fixes\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM App Connect Enterprise\u003c/td\u003e\u003ctd\u003e13.0.1.0 - 13.0.7.2\u003c/td\u003e\u003ctd\u003ePH71150\u003c/td\u003e\u003ctd\u003e\u003cp\u003eThe APAR (PH71150) is available from\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/pages/download-ibm-app-connect-enterprise-13080\" rel=\"noopener noreferrer nofollow\"\u003eIBM App Connect Enterprise v13- Fix Pack Release 13.0.8.0\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM App Connect Enterprise\u003c/td\u003e\u003ctd\u003e12.0.1.0 -\u00a012.0.12.26\u00a0\u003c/td\u003e\u003ctd\u003ePH71150\u003c/td\u003e\u003ctd\u003e\u003cp\u003eThe APAR (PH71150) is available from\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/pages/download-ibm-app-connect-enterprise-1201227-fix-pack\" rel=\"noopener noreferrer nofollow\"\u003eIBM App Connect Enterprise v12- Fix Pack Release 12.0.12.27\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Integration Bus for z/OS\u003c/td\u003e\u003ctd\u003e10.1.0.0 - 10.1.0.7\u003c/td\u003e\u003ctd\u003ePH71150\u003c/td\u003e\u003ctd\u003e\u003cp\u003eInterim Fix for APAR (PH71150) is available to apply to 10.1.0.7 from\u00a0\u003c/p\u003e\u003cp\u003e\u003ca 
href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere\u0026amp;product=ibm/WebSphere/Integration+Bus\u0026amp;release=10.1.0.7\u0026amp;platform=All\u0026amp;function=aparId\u0026amp;apars=PH71150\" rel=\"nofollow\"\u003eIBM Fix Central\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise and IBM Integration Bus for z/OS Affected Product(s)Version(s)APARRemediation / FixesIBM App Connect Enterprise13.0.1.0 - 13.0.7.2PH71150The APAR (PH71150) is available fromIBM App Connect Enterprise v13- Fix Pack Release 13.0.8.0IBM App Connect Enterprise12.0.1.0 -\u00a012.0.12.26\u00a0PH71150The APAR (PH71150) is available fromIBM App Connect Enterprise v12- Fix Pack Release 12.0.12.27IBM Integration Bus for z/OS10.1.0.0 - 10.1.0.7PH71150Interim Fix for APAR (PH71150) is available to apply to 10.1.0.7 from\u00a0IBM Fix Central"
            }
          ],
          "title": "IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-3602",
        "datePublished": "2026-06-30T19:19:47.135Z",
        "dateReserved": "2026-03-05T14:48:57.881Z",
        "dateUpdated": "2026-06-30T19:31:02.140Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5515 (GCVE-0-2026-5515)

    Vulnerability from cvelistv5 – Published: 2026-05-27 12:58 – Updated: 2026-06-02 16:12
    Title
    IBM App Connect Enterprise is vulnerable to a confidential disclosure
    Summary
    IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7272270 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 13.0.1.0 , ≤ 13.0.7.0 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.7.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5515",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T15:29:42.607871Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-532",
                    "description": "CWE-532 Insertion of Sensitive Information into Log File",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T16:12:13.028Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.7.0:*:*:*:*:*:*:*"
              ],
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "13.0.7.0",
                  "status": "affected",
                  "version": "13.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.\u003c/p\u003e"
                }
              ],
              "value": "IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T12:58:13.004Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7272270"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise \u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected Product(s)\u003c/td\u003e\u003ctd\u003eVersion(s)\u003c/td\u003e\u003ctd\u003eAPAR\u003c/td\u003e\u003ctd\u003eRemediation / Fixes\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM App Connect Enterprise\u003c/td\u003e\u003ctd\u003e13.0.1.0 - 13.0.7.0\u003c/td\u003e\u003ctd\u003eIT49227\u003c/td\u003e\u003ctd\u003e\u003cp\u003eThe APAR (IT49227) is available from\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/pages/download-ibm-app-connect-enterprise-13071\" rel=\"noopener noreferrer nofollow\"\u003eIBM App Connect Enterprise v13- Fix Pack Release 13.0.7.1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e"
                }
              ],
              "value": "IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise \n\nAffected Product(s)Version(s)APARRemediation / FixesIBM App Connect Enterprise13.0.1.0 - 13.0.7.0IT49227\n\nThe APAR (IT49227) is available from\n\n\n\n IBM App Connect Enterprise v13- Fix Pack Release 13.0.7.1 https://www.ibm.com/support/pages/download-ibm-app-connect-enterprise-13071"
            }
          ],
          "title": "IBM App Connect Enterprise is vulnerable to a confidential disclosure",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2026-5515",
        "datePublished": "2026-05-27T12:58:13.004Z",
        "dateReserved": "2026-04-03T21:46:07.141Z",
        "dateUpdated": "2026-06-02T16:12:13.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-36361 (GCVE-0-2025-36361)

    Vulnerability from cvelistv5 – Published: 2025-10-24 09:35 – Updated: 2025-10-25 02:03
    VLAI
    Title
    IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA
    Summary
    IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-862 - Missing Authorization
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7249061 vendor-advisory, patch
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 13.0.1.0 , ≤ 13.0.4.2 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.12.17 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.4.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.17:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36361",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-24T13:19:00.627097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-24T13:19:22.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.4.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.17:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "13.0.4.2",
                  "status": "affected",
                  "version": "13.0.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.12.17",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.\u003c/p\u003e"
                }
              ],
              "value": "IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-25T02:03:18.631Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7249061"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eRemediation/Fixes Affected Product(s) Versions(s) APAR Remediation / Fixes IBM App Connect Enterprise 13.0.1.0 - 13.0.4.2 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v13- Fix Pack Release 13.0.5.0 IBM App Connect Enterprise 12.0.1.0 - 12.0.12.17 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.18\u003c/p\u003e"
                }
              ],
              "value": "Remediation/Fixes Affected Product(s) Versions(s) APAR Remediation / Fixes IBM App Connect Enterprise 13.0.1.0 - 13.0.4.2 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v13- Fix Pack Release 13.0.5.0 IBM App Connect Enterprise 12.0.1.0 - 12.0.12.17 IT48403 The APAR (IT48403) is available from IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.18"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-36361",
        "datePublished": "2025-10-24T09:35:20.590Z",
        "dateReserved": "2025-04-15T21:16:55.331Z",
        "dateUpdated": "2025-10-25T02:03:18.631Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49338 (GCVE-0-2024-49338)

    Vulnerability from cvelistv5 – Published: 2025-01-18 15:00 – Updated: 2025-01-21 20:59
    VLAI
    Title
    IBM App Connect Enterprise information disclosure
    Summary
    IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0 and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1323 - Improper Management of Sensitive Trace Data
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 12.0.1.0 , ≤ 12.0.7.0 (semver)
    Affected: 13.0.1.0
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.7.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49338",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T20:59:34.777237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T20:59:39.138Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.7.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                },
                {
                  "status": "affected",
                  "version": "13.0.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.\u003c/span\u003e"
                }
              ],
              "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1323",
                  "description": "CWE-1323 Improper Management of Sensitive Trace Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-18T15:00:16.148Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7175396"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-49338",
        "datePublished": "2025-01-18T15:00:16.148Z",
        "dateReserved": "2024-10-14T12:05:13.491Z",
        "dateUpdated": "2025-01-21T20:59:39.138Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31894 (GCVE-0-2024-31894)

    Vulnerability from cvelistv5 – Published: 2024-05-22 19:17 – Updated: 2024-08-02 01:59
    VLAI
    Title
    IBM App Connect Enterprise information disclosure
    Summary
    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-324 - Use of a Key Past its Expiration Date
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 12.0.1.0 , ≤ 12.0.12.1 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31894",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T20:07:10.305598Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T20:07:17.638Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:59:50.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7154606"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288175"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.12.1",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token.  IBM X-Force ID:  288175."
                }
              ],
              "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token.  IBM X-Force ID:  288175."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-324",
                  "description": "CWE-324 Use of a Key Past its Expiration Date",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-22T19:17:51.702Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7154606"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288175"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-31894",
        "datePublished": "2024-05-22T19:17:51.702Z",
        "dateReserved": "2024-04-07T12:44:57.195Z",
        "dateUpdated": "2024-08-02T01:59:50.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31895 (GCVE-0-2024-31895)

    Vulnerability from cvelistv5 – Published: 2024-05-22 19:16 – Updated: 2024-08-02 01:59
    VLAI
    Title
    IBM App Connect Enterprise information disclosure
    Summary
    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-324 - Use of a Key Past its Expiration Date
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 12.0.1.0 , ≤ 12.0.12.1 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-28T20:08:44.469157Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-28T20:08:52.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:59:50.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7154606"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288176"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.12.1",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token.  IBM X-Force ID:  288176."
                }
              ],
              "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token.  IBM X-Force ID:  288176."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-324",
                  "description": "CWE-324 Use of a Key Past its Expiration Date",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-22T19:16:30.321Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7154606"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288176"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-31895",
        "datePublished": "2024-05-22T19:16:30.321Z",
        "dateReserved": "2024-04-07T12:44:57.196Z",
        "dateUpdated": "2024-08-02T01:59:50.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31893 (GCVE-0-2024-31893)

    Vulnerability from cvelistv5 – Published: 2024-05-22 19:04 – Updated: 2024-08-02 01:59
    VLAI
    Title
    IBM App Connect Enterprise information disclosure
    Summary
    IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-324 - Use of a Key Past its Expiration Date
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 12.0.1.0 , ≤ 12.0.12.1 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31893",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-23T16:18:07.085045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:36:39.524Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:59:49.929Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7154606"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288174"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.12.1",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token.  IBM X-Force ID:  288174."
                }
              ],
              "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token.  IBM X-Force ID:  288174."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-324",
                  "description": "CWE-324 Use of a Key Past its Expiration Date",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-22T19:04:53.056Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7154606"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288174"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-31893",
        "datePublished": "2024-05-22T19:04:53.056Z",
        "dateReserved": "2024-04-07T12:44:57.195Z",
        "dateUpdated": "2024-08-02T01:59:49.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-31904 (GCVE-0-2024-31904)

    Vulnerability from cvelistv5 – Published: 2024-05-22 18:34 – Updated: 2024-08-02 01:59
    VLAI
    Title
    IBM App Connect Enterprise denial of service
    Summary
    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-248 - Uncaught Exception
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.1 , ≤ 11.0.0.25 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.12.0 (semver)
        cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.25:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.0:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-31904",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-23T15:48:27.874415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:36:06.241Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:59:50.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7154607"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289647"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:11.0.0.25:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.0.25",
                  "status": "affected",
                  "version": "11.0.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.12.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception.  IBM X-Force ID:  289647."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception.  IBM X-Force ID:  289647."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248 Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-22T18:34:39.881Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7154607"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289647"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-31904",
        "datePublished": "2024-05-22T18:34:39.881Z",
        "dateReserved": "2024-04-07T12:45:07.197Z",
        "dateUpdated": "2024-08-02T01:59:50.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28760 (GCVE-0-2024-28760)

    Vulnerability from cvelistv5 – Published: 2024-05-11 13:00 – Updated: 2024-08-02 00:56
    VLAI
    Title
    IBM App Connect Enterprise denial of service
    Summary
    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. IBM X-Force ID: 285244.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.1 , ≤ 11.0.0.25 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.12.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28760",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-13T15:27:52.815838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:03:38.042Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:56:58.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7150845"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285244"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.0.25",
                  "status": "affected",
                  "version": "11.0.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.12.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation.  IBM X-Force ID:  285244."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation.  IBM X-Force ID:  285244."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-11T13:00:12.261Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7150845"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285244"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-28760",
        "datePublished": "2024-05-11T13:00:12.261Z",
        "dateReserved": "2024-03-10T12:22:43.137Z",
        "dateUpdated": "2024-08-02T00:56:58.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28761 (GCVE-0-2024-28761)

    Vulnerability from cvelistv5 – Published: 2024-05-11 12:57 – Updated: 2025-03-13 17:33
    VLAI
    Title
    IBM App Connect Enterprise HTML injection
    Summary
    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 285245.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.1 , ≤ 11.0.0.25 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.12.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28761",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T21:15:49.473437Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T17:33:41.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:56:58.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7150847"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285245"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.0.25",
                  "status": "affected",
                  "version": "11.0.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.12.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.  IBM X-Force ID:  285245."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim\u0027s Web browser within the security context of the hosting site.  IBM X-Force ID:  285245."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-11T12:57:59.134Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7150847"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285245"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise HTML injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-28761",
        "datePublished": "2024-05-11T12:57:59.134Z",
        "dateReserved": "2024-03-10T12:22:43.137Z",
        "dateUpdated": "2025-03-13T17:33:41.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22356 (GCVE-0-2024-22356)

    Vulnerability from cvelistv5 – Published: 2024-03-26 14:12 – Updated: 2024-08-05 16:34
    VLAI
    Title
    IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure
    Summary
    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2 store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
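    • CWE-117 - Improper Output Neutralization for Logs (as assigned in the record; the summary describes sensitive data being written to log or trace files, the weakness class usually catalogued as CWE-532, Insertion of Sensitive Information into Log File, so CWE-based triage filters may not surface this entry under log-exposure queries)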
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.1 , ≤ 11.0.0.23 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.9.0 (semver)
    IBM Integration Bus Affected: 10.1 , ≤ 10.1.0.2 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.680Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7145144"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280893"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-05T16:34:25.516722Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:34:40.409Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.0.23",
                  "status": "affected",
                  "version": "11.0.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.9.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Integration Bus",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.0.2",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user.  IBM X-Force ID:  280893."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user.  IBM X-Force ID:  280893."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-117",
                  "description": "CWE-117 Improper Output Neutralization for Logs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-26T14:12:18.122Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7145144"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280893"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise and IBM Integration Bus for z/OS information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-22356",
        "datePublished": "2024-03-26T14:12:18.122Z",
        "dateReserved": "2024-01-08T23:42:36.757Z",
        "dateUpdated": "2024-08-05T16:34:40.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22317 (GCVE-0-2024-22317)

    Vulnerability from cvelistv5 – Published: 2024-01-18 13:16 – Updated: 2025-06-02 15:04
    VLAI
    Title
    IBM App Connect Enterprise denial of service
    Summary
    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.1 , ≤ 11.0.0.24 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.11.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7108661"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279143"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:42:52.445911Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-02T15:04:02.999Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.0.24",
                  "status": "affected",
                  "version": "11.0.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.11.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts.  IBM X-Force ID:  279143."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts.  IBM X-Force ID:  279143."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-18T13:16:34.298Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7108661"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279143"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-22317",
        "datePublished": "2024-01-18T13:16:34.298Z",
        "dateReserved": "2024-01-08T23:41:52.508Z",
        "dateUpdated": "2025-06-02T15:04:02.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-45176 (GCVE-0-2023-45176)

    Vulnerability from cvelistv5 – Published: 2023-10-14 15:35 – Updated: 2024-09-16 18:34
    VLAI
    Title
    IBM App Connect Enterprise and IBM Integration Bus denial of service
    Summary
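    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998. (Note: the X-Force reference URLs in this record point to entry 267998, which does not match the ID given in this description; confirm against the vendor advisory before cross-referencing.)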
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 11.0.0.1 , ≤ 11.0.0.23 (semver)
    Affected: 12.0.1.0 , ≤ 12.0.10.0 (semver)
    IBM Integration Bus Affected: 10.1 , ≤ 10.1.0.1 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:14:19.866Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7051448"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267998"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T18:11:48.543494Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T18:34:37.866Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.0.23",
                  "status": "affected",
                  "version": "11.0.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "12.0.10.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Integration Bus",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "10.1.0.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows.  IBM X-Force ID:  247998."
                }
              ],
              "value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows.  IBM X-Force ID:  247998."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-14T15:35:21.138Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7051448"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267998"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise and IBM Integration Bus denial of service",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-45176",
        "datePublished": "2023-10-14T15:35:21.138Z",
        "dateReserved": "2023-10-05T01:38:58.206Z",
        "dateUpdated": "2024-09-16T18:34:37.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40682 (GCVE-0-2023-40682)

    Vulnerability from cvelistv5 – Published: 2023-10-13 15:41 – Updated: 2024-09-16 20:35
    VLAI
    Title
    IBM App Connect Enterprise information disclosure
    Summary
    IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    ibm
    Impacted products
    Vendor Product Version
    IBM App Connect Enterprise Affected: 12.0.1.0 , ≤ 12.0.8.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:38:51.284Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/7051204"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263833"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40682",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T20:35:13.215066Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T20:35:22.475Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "App Connect Enterprise",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "12.0.8.0",
                  "status": "affected",
                  "version": "12.0.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs.  IBM X-Force ID:  263833."
                }
              ],
              "value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs.  IBM X-Force ID:  263833."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-13T15:41:07.361Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.ibm.com/support/pages/node/7051204"
            },
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263833"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM App Connect Enterprise information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2023-40682",
        "datePublished": "2023-10-13T15:41:07.361Z",
        "dateReserved": "2023-08-18T15:48:06.501Z",
        "dateUpdated": "2024-09-16T20:35:22.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }